July 1, 2008

Protecting Your Web Browsing

I am a bit of a privacy fanatic. I am that person, you know, the one who…
  • Checks the boxes in the privacy statements to prevent companies from selling my information to their affiliates
  • Proactively establishes fraud alerts on their credit profile, requiring extra identification when applying for credit
  • Maintains separate “secret” e-mail addresses for my financial and other sensitive correspondence (on a server I own and operate)
  • Uses passwords so long it feels like it takes a week to type them in
  • Encrypts their private data, and only takes the private data that is imminently necessary
  • Uses a separate browser just for sensitive internet usage
  • As well as so many other things
I do everything within my power to maintain my privacy except where I expressly want to give it up.
Have you ever heard the question, “If you have nothing to hide, why are you hiding everything?” My answer is choice. If I choose to give up my information, then it is voluntary. Additionally, the information I decide to give, when I give it, how I give it, whom I give it to, and why I give it are all my choice. If I do not take the time to decide these things, I am leaving someone else to decide how they use my information. No matter who it is, they do not have my best interests in mind when they utilize my information; they are only considering their interests. I chose to take on this arduous task; however, I could accept the risks and allow others to handle MY private information how they see fit and divulge it in manners they believe reach their standards of security.
Are you wondering where I am going with this yet? My girlfriend and I are enjoying a week-and-a-half-long relaxing vacation in our nation’s capital, Washington, D.C. We are staying in a beautiful hotel just outside of downtown D.C. In the lobby of the hotel, they provide free wireless internet (it costs $9.95 a day for internet in your room; I am cheap and the venture to the lobby is okay with me). Free wireless internet also typically comes with the *snicker* high security of open Wi-Fi. I am a proponent of open Wi-Fi in my home, which is a discussion I will follow up on in another post; in the setting of a public, widely used access point I am not that comfortable. Open Wi-Fi offers no encryption of my traffic: instant messages, calendars, documents, e-mails, passwords, and the list continues. While someone eavesdropping on my internet activities worries me, I am more worried about the hotel I am staying at collecting that browsing information. Every bit of traffic sent through their wireless router is subject to their security and their procedures. Who knows if there is a proxy server in there capturing all my traffic, logging who I am, where I went, for how long, and countless other pieces of information, all before sending me to my destination.
This brings me to my point: how do you protect yourself? My choice is SSH, which stands for Secure Shell, creating a heavily encrypted channel between my computer and my server. Once I am logged on to my server, I establish a “tunnel”: simply a port on my local machine that takes the traffic my machine sends to it and sends it over that encrypted channel to my server, which then sends it out to the Internet. This is the simplest technique to secure your communications while in an unknown or untrusted internet environment. This technique is easy to set up and requires little experience.
Setting up an SSH server is a bit outside the scope of this entry but here are some useful links
Setting up an SSH client in Windows (PuTTY)
  1. Download PuTTY (sorry if anyone likes some other program; PuTTY is easy, and used by myself and everyone I know)
  2. Open PuTTY, which brings you to the PuTTY Configuration dialog.
  3. On the left of the dialog there is an expander for SSH (under the Connection tree), expand it to show the Tunnels configuration.
  4. In the Source port box, enter the port you wish to use on your local machine (I know the low 5000’s are empty; web page traffic is typically port 80, so I usually use 5080). Leave the Destination box empty and change the next line from Local to Dynamic.
  5. Click the Add button next to Source Port, D5080 should appear in the forwarded ports section (where 5080 is the port number you entered in the Source port box)
  6. Go back to the Session tab (the first page that came up when PuTTY opened) and enter the address of the machine you wish to connect to in the Host Name box; in my case, I have SSH set up on the domain hosting my blog, t3hph33r.com. I am also going to save these settings so I can reuse them in the future by entering a name in the Saved Sessions box, then clicking Save. When I want to bring back my settings I click on the Load button and everything will be filled in.
  7. Click Open to connect to the server. If this is the first time, you may be prompted with a message asking you to verify the SSH key; this should only happen the first time you connect, and if it happens again your server may have been compromised. This will give you a prompt asking you for your login and password on the SSH server. Once you enter your login and password, you are connected and your private connection is established.
  8. The final step is to set up your browser (found below)
Setting up an SSH client w/forwarding in *nix
  1. If you are running any common distribution of *nix you most likely have SSH already installed, but if it’s not, use your distribution’s package manager to retrieve it (usually called OpenSSH, sometimes just SSH)
  2. Open a terminal
  3. Type the following command at the prompt: ssh -D 5080 user@host
    1. user is your user name on that machine
    2. host is the machine’s address (this can be an IP such as 123.456.78.90 or a domain name such as caffeinated-code.com)
  4. The final step is to set up your browser (found below)
Setting up your Browser
These instructions are for the latest versions of major browsers as of this writing, so older versions may have different nomenclature. Older browsers are usually large security risks; you should consider upgrading to the latest version of your preferred browser.
  • Google Chrome:
    1. Go to the Customize and control Google Chrome menu then to Options
    2. Click Under the Hood
    3. Scroll down to Network
    4. Click Change proxy settings
    5. In the LAN Settings dialog select ‘Use a proxy server for your LAN (These settings will not apply to dial-up or VPN connections)’
    6. Click Advanced; in the Socks box enter localhost, and after the : enter 5080 (where 5080 is the port you selected in PuTTY)
  • Firefox 3:
    1. Go to the Tools menu then to Options
    2. Click Advanced
    3. Click the Network tab
    4. In the Connection area click Settings; this should bring up the connection settings dialog
    5. Select Manual proxy configuration.
    6. Leave all the boxes empty except the SOCKS boxes: under host type localhost, and in the port box enter 5080 (or the port you chose in PuTTY)
    7. Click OK or Accept on all the dialogs
  • Internet Explorer 7
    1. Go to the Tools menu then Options
    2. Select the Connections tab
    3. Click the LAN Settings button near the bottom
    4. In the LAN Settings dialog select ‘Use a proxy server for your LAN (These settings will not apply to dial-up or VPN connections)’
    5. Click Advanced; in the Socks box enter localhost, and after the : enter 5080 (where 5080 is the port you selected in PuTTY)
  • Opera 9.5:
    1. Opera sadly does not support SOCKS proxies, but there is a workaround that is explained by this blog
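To check the tunnel before trusting it, the following added example (not part of the original post) speaks SOCKS5 to the forwarded port the way a browser would, and shows that a destination sent as a hostname is resolved on the SSH server while one sent as an already-resolved IP means the DNS lookup happened on the local network. It assumes the tunnel from the steps above is listening on localhost:5080; the function names and example.com are illustrative.

```python
import ipaddress
import socket

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4  # address types from RFC 1928

def build_connect_request(dest_host, dest_port):
    """SOCKS5 CONNECT request. A hostname is sent as-is (ATYP_DOMAIN), so the
    SSH server resolves it and no DNS query crosses the open Wi-Fi."""
    try:
        ip = ipaddress.ip_address(dest_host)
        atyp, addr = (ATYP_IPV4 if ip.version == 4 else ATYP_IPV6), ip.packed
    except ValueError:  # not an IP literal, so treat it as a hostname
        name = dest_host.encode("idna")
        if not 0 < len(name) < 256:
            raise ValueError("hostname must be 1-255 bytes")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([5, 1, 0, atyp]) + addr + dest_port.to_bytes(2, "big")

def resolves_remotely(request):
    """True if the request carries a hostname rather than a resolved IP."""
    return request[3] == ATYP_DOMAIN

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection early")
        buf += chunk
    return buf

def socks5_connect(sock, dest_host, dest_port):
    """No-auth handshake plus CONNECT on a socket already connected to the
    tunnel port. Returns True if the far end opened the connection."""
    sock.sendall(bytes([5, 1, 0]))  # version 5, one method offered: no auth
    version, method = _recv_exact(sock, 2)
    if version != 5 or method != 0:
        raise ConnectionError("not a SOCKS5 listener accepting no-auth")
    sock.sendall(build_connect_request(dest_host, dest_port))
    version, reply, _rsv, atyp = _recv_exact(sock, 4)
    addr_len = {ATYP_IPV4: 4, ATYP_IPV6: 16}.get(atyp)
    if addr_len is None:  # domain-type bound address: length-prefixed
        addr_len = _recv_exact(sock, 1)[0]
    _recv_exact(sock, addr_len + 2)  # discard bound address and port
    return version == 5 and reply == 0

if __name__ == "__main__":  # assumes the tunnel listens on localhost:5080
    with socket.create_connection(("localhost", 5080), timeout=10) as s:
        print("tunnel OK" if socks5_connect(s, "example.com", 80) else "refused")
```

A connection error here means nothing is listening on the port, which is the moment to stop browsing rather than fall back to the open Wi-Fi.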
This should serve you on your next business trip or vacation protecting your browsing, information, identity, and security.